Link to home
Start Free TrialLog in
Avatar of boydicus
boydicus

asked on

suddenly unable to logon to laptop when remote: "Domain is unavailable".

I am hoping that someone out there has seen this issue before and can help me understand what happened.  I have a user with a laptop who often works remotely.  She has a non-roaming profile, so when remote, she logs into her computer using her domain credentials and uses the local profile, all as we would expect.  This has been working for about a year.

Suddenly today, she was trying to start a program using "run as" for admin rights (as she has done successfully for many months).  The system refused the password ("...username or password are incorrect").  I had her log off and try logging on as that user, but it would not do so because "the domain controller cannot be reached".  "OK", i think, "maybe I never logged into her computer as that admin user".  So I have her try using my admin credentials that I know I have used on her machine before, and it logs in ok.  I have her log back in as herself and try to "run as" the account that we just succeeded as logging in as, but it tells her "bad username or password".  

Frustrated, I think I will have her log back in under my credentials and make her account a local admin.  However, once we log out, we are no longer able to log in as this same admin user; we get "the domain controller cannot be reached.".  In fact, we can no longer log in even as her original user!  We appear to be completely unable to log into the machine because it cannot find a DC!!  

I have never had this problem before and am rather stumped as to what could have caused it?  Does anyone out there have any idea
   A) why might this happen?
   B) how can I get around the problem?
   C) how can I prevent it happening again?

I am working on solving number B right now.  Currently, I have the user looking for a network cable she can borrow.  I am thinking maybe I can have her put a check in "log in using dial-up networking" and connect to the VPN as she logs in. thus allowing her computer to talk to the domain controller.  Any thoughts on if this would work?

The user is remote for a series of meetings and not having access to her computer is causing a LOT of stress right now, so any thoughts on solving this are greatly appreciated!

Thank you!
Avatar of Netman66
Netman66
Flag of Canada image

It's all about the profile.

Runas will work as expected while connected to the domain.
Runas will work as expected, provided the credentials used have a profile on the machine (have logged on at least once on the domain).
Runas will not work when trying to use credentials that don't satisfy one of the above.

Now, changing the user's rights basically broke the "cached" security token and therefore broke the cached logon - which requires reaching out to the DC to rebuild the token and recache it.

The fix....connect it to the domain and log in once.

ASKER CERTIFIED SOLUTION
Avatar of Netman66
Netman66
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of boydicus
boydicus

ASKER

Netman66, thanks for your reply.  Please note that I never got a chance to change the user's profile.  In fact, it appears that "the problem" occurred while she was logged in.  I logged her out, then logged in as myself once, then logged in as herself once, and after that have been unable to log in as anyone.  The original account she was trying to use for "run as" was a local admin account, for what it is worth.

Any further thoughts would be greatly appreciated.
Didn't I read that when you logged in you added her to the Admin group?

Runas the local Admin account shouldn't have thrown any errors though...

So, the local Admin account doesn't work either?
You may also want to check to see if her actual account in AD has expired as well.

no, when I logged in as me initially it was just to see if it was possible.  I didnt think of adding her to admin group until my credentials failed on "run as".  Then I tried to log in as me again but was denied.  At that point I was unable to log back in as anyone.  

I used Remote Desktop to connect to a machine on her local network and was able to log in as her, so her account is good.  
Well, unless you can get her logged in with a local account, it may be necessary to have her log back in while connected to the LAN.

It sounds like all the cached credentials are messed up.

agreed.  To make it even more bizarre, she sent me a message that she just kept trying and trying the different accounts out of desperation, and suddenly "it started working".  I believe that she was able to log in using the connection to the VPN and this refreshed the credentials.  She can't confirm that this happened since by the end she was pretty much just flailing around.  I just wish I knew why this happened and how to guard against it in the future.  Thanks for the help.